I have a GRE tunnel configured between two Linux boxes. The tunnel works fine. From each host I can ping the other's private IP.

Head
privateip: 10.0.0.1

publicip: 8.8.8.8

Tail
privateip: 10.0.0.2

publicip: 7.7.7.7

The public IP on Tail has the network block 9.9.9.0/23 statically routed over the 7.7.7.7 interface. The idea is to make the 9.9.9.0/23 IPs work on servers on the 8.8.8.8 network.

I configured the tail host to route the /23 block. I mounted a 9.9 IP on the head server. I can ping the 9.9 IP from the tail to the head.

I can't ping the 9.9 IP from the public internet.

I think I need to add some other routes because of gateway issues, but I can't seem to wrap my mind around it (not a router guy, just beating my way through something that I have never done before and vaguely understand).

And that's it, you should have a fully functional tunnel and the ability to route IPs that are far away from where you want to use them, so you can now start to bind some daemons to those IPs.

Another thing to have in mind is that if you have so many IPs, you have to be careful with your broadcast domain on point A, and if you're planning to tunnel more than 500 IPs, then you have to change the default values of Linux for the ARP table in order to keep all entries: